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CLAIMS 

PM 1 . A system for filtering input data comprising: 

2 a filtering database for storing at least one rule table, said rule table comprising a data 

3 element locator and a default rule; and 
ffl/ a data filtering engine coupled to the filtering database for filtering said input data using 

5 the at least one rule table in the filtering database. 

1 2. The system for filtering input data in claim 1 wherein the filtering database comprises 

2 layered tables of rule tables. 

JJ 1 3. The system for filtering input data in claim 1 wherein the default rule comprises a 

2 statistics counter. 

^ 1 4. The system for filtering input data in claim 1 wherein the at least one rule table further 

2 comprises at least one filtering rule. 

5 1 5. The system for filtering input data in claim 4 wherein the at least one filtering rule 

sfi 2 comprises a statistics counter. 

1 6. The system for filtering input data in claim 1 wherein the data element locator comprises 

2 an offset and a mask for selecting a data element of the input data. 

1 7. The system for filtering input data in claim 1 wherein the data element locator further 

2 comprises a table timer. 

1 8. The system for filtering input data in claim 1 wherein the data filtering engine further 

2 comprises: 
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3 a data buffer for storing the input data; 

4 a data element locator buffer for storing the data element locator; and 

5 a rule evaluator for receiving the input data from the data buffer and applying the at least 

6 one rule table to the input data. 

19. A system for filtering input data comprising: 

2 a filtering database comprising layered rule tables, each rule table comprising a data 

3 element locator and a default rule; and 

4 a data filtering engine coupled to the filtering database for filtering said input data using 
p 5 the layered rule tables in the filtering database. 

£ 1 10. The system for filtering input data in claim 9 wherein each rule table further comprises at 

O 

H 2 least one filtering rule. 

fsfe 

jk 1 11. The system for filtering input data in claim 10 wherein the at least one filtering rule 

fy 2 comprises a statistics counter. 

ffi 1 12. The system for filtering input data in claim 9 wherein the data element locator comprises 

2 an offset and a mask for selecting a data element of the input data. 

1 13. The system for filtering input data in claim 9 wherein the data filtering engine further 

2 comprises: 

3 a data buffer for storing the input data; 

4 a data element locator buffer for storing the data element locator; and 
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5 a rule evaluator for receiving the input data from the data buffer and applying at least one 

6 rule table to the input data. 

1 14. The system for filtering input data in claim 13 wherein the rule evaluator uses the data 

2 element locator to select a data element from the input data. 

1 15. A system for filtering input data comprising: 

2 a data buffer for storing the input data; 

3 a data element locator for indicating a data element in the input data; 

4 at least one rule table for storing the data element locator and at least one rule to be 

5 applied to the data element in the input data; and 

6 a rule evaluator having a first input coupled to the data buffer for using the data element 

7 locator to determine the data element from the input data and for applying the at least one rule 

8 table to the data element. 

1 16. The system for filtering input data in claim 1 5 wherein the at least one rule table 

2 comprises at least one filtering rule and at least one default rule to be applied to the data element 

3 indicated by the data element locator. 

1 17. The system for filtering input data in claim 16 wherein the at least one filtering rule and 

2 the at least one default rule comprise a statistics counter. 

1 18. The system for filtering input data in claim 1 5 further comprising: 

2 a filtering database for storing the at least one rule table as layered tables of rules. 

1 19. A system for filtering input data comprising: 
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2 a data buffer for storing the input data; 

3 a data element locator for indicating a data element in the input data; 

4 a filtering database comprising layered tables of rules, each rule table comprising the data 

5 element locator and at least one rule to be applied to the data element in the input data; and 

6 a rule evaluator having a first input coupled to the data buffer for using the data element 

7 locator to determine the data element from the input data and for applying the at least one rule 

8 table to the data element. 

1 20. The system for filtering input data in claim 19 wherein each rule table comprises at least 
□ 2 one filtering rule and at least one default rule to be applied to the data element indicated by the 
rU 3 data element locator. 

p. 1 21 . A method for filtering input data comprising at least one data element in a. system 

2 comprising a filtering database, wherein the filtering database comprises at least one rule table, 

JSCS., 

~U 3 said at least one rule table comprising a data element locator and a default rule, the method 

is § 

O 4 comprising the steps of 

^ 5 selecting the data element from the input data; 

6 comparing the selected data element to an upper bound of the filtering rule; and 

7 comparing the selected data element to a lower bound of the filtering rule. 

1 22. The method of claim 21 wherein the step of selecting the data element further comprises 

2 the substeps of: 

3 obtaining the data element locator from the rule table in the filtering database; and 
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4 applying the data element locator to the input data to select the data element from the 

5 input data. 

1 23 . The method of claim 2 1 wherein the step of comparing the selected data element to an 

2 upper bound of the filtering rule comprises the substep of: 

3 determining whether the selected data element is less than or equal to the upper bound. 

1 24. The method of claim 21 wherein the step of comparing the selected data element to a 

2 lower bound of the filtering rule comprises the substep of: 

3 determining whether the selected data element is greater than or equal to the lower bound. 

Iy 1 25. A method for filtering input data in a system comprising a filtering database containing 

D 2 layered tables of rule tables, the method comprising the steps of: 
?Z 3 selecting a data element from the input data; 

L 4 accessing a rule table in said layered tables of rule tables corresponding to the selected 

F 

fl| 5 data element; said rule table comprising at least one filtering rule; and 
0 6 applying the at least one filtering rule to the selected data element. 

1 26. The method of claim 25 wherein the step of selecting a data element further comprises 

2 the substeps of: 

3 obtaining a data element locator from the rule table in the filtering database; and 

4 applying the data element locator to the input data to select the data element from the 

5 input data. 
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1 27. The method of claim 25 wherein the step of applying the at least one filtering rule 

* 2 comprises the substep of: 

3 determining whether the selected data element is less than or equal to an upper bound. 

1 28. The method of claim 25 wherein the step of applying the at least one filtering rule 

2 comprises the substep of: 

3 determining whether the selected data element is greater than or equal to a lower bound. 

1 29. A system for filtering packets comprising: 

2 a filtering database for storing at least one rule table, said at least one rule table 

3 3 comprising a protocol element locator and a default rule; and 

B 

£4 a packet filtering engine coupled to the filtering database for filtering said packets using 

5 the at least one rule table in the filtering database. 

k 1 30. The system for filtering packets in claim 29 wherein the filtering database comprises 

pi 

Hi 2 layered tables of rule tables. 

is"; ' 

0 1 31. The system for filtering packets in claim 29 wherein the at least one rule table further 

2 comprises at least one filtering rule. 

1 32. The system for filtering packets in claim 3 1 wherein the at least one filtering rule 

2 comprises a statistics counter. 

1 33. The system for filtering packets in claim 29 wherein the protocol element locator 

2 comprises an offset and a mask for selecting a protocol element of the packet. 
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1 34. The system for filtering packets in claim 29 wherein the protocol element locator further 

2 comprises a table timer and statistics counters. 

1 35. The system for filtering packets in claim 29 wherein the packet filtering engine further 

2 comprises: 

3 a packet buffer for storing packet; 

4 a protocol element locator buffer for storing the protocol element locator; and 

5 a rule evaluator for receiving the packet from the packet buffer and applying the at least 

6 one rule table to the packet. 

3 1 36. The system of claim 29 wherein the packet filtering engine is coupled to receive a packet 

fy 

*p 2 prototype modifying the filtering database. 

^ 1 37. A system for filtering packets comprising: 

•U .2 a filtering database comprising a plurality of layered rule tables, each rule table 

ft! 3 comprising a protocol element locator and a default rule; and 

ffl 4 a packet filtering engine coupled to the filtering database for filtering said packets using 

5 the layered rule tables in the filtering database, 

6 wherein the system is coupled to receive a packet prototype for determining a location to 

7 be modified in the filtering database. 

1 38. The system for filtering packets in claim 37 wherein each rule table further comprises at 

2 least one filtering rule. 
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1 39. The system for filtering packets in claim 37 wherein the at least one filtering rule 

2 comprises a statistics counter. 

1 40. The system for filtering packets in claim 37 wherein the protocol element locator 

2 comprises an offset and a mask for selecting a protocol element from the packet. 

1 41 . The system for filtering packets in claim 37 wherein the packet filtering engine further 

2 comprises: 

3 a packet buffer for storing packets; 

4 a protocol element locator buffer for storing the protocol element locator; and 

g 5 a rule evaluator for receiving the packet from the packet buffer and applying at least one 

: ; . y i 

|= 6 rule table to the packet. 

K i 42. The system for filtering packets in claim 37 wherein the rule evaluator uses the protocol 

JU. 2 element locator to select a protocol element from the packet. 

jy 

■ 1 43 . A system for filtering packets comprising: 
0 2 a packet buffer for storing the packets; 

3 a protocol element locator for indicating a protocol element in the packet; 

4 at least one rule table for storing the protocol element locator and at least one filtering 

5 rule to be applied to the protocol element in the packet; and 

6 a rule evaluator having a first input coupled to the packet buffer for using the protocol 

7 element locator to determine the protocol element from the packet and for applying the at least 

8 one rule table to the protocol element. 
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1 44. The system for filtering packets in claim 43 wherein the at least one rule table comprises 

2 at least one filtering rule and at least one default rule to be applied to the protocol element 

3 indicated by the protocol element locator. 

1 45. The system for filtering packets in claim 43 further comprising: 

2 a filtering database for storing a decision tree as layered tables of rules. 

1 46. The system for filtering packets in claim 43 further comprising a processor interface, 

2 wherein the processor interface is coupled to receive a packet prototype for determining a 

3 location in the filtering database. 

jy 1 47. A system for filtering packets comprising: 
0 2 a packet buffer for storing packets; 

H= 3 a protocol element locator for indicating a protocol element in the packet; 

L 4 a filtering database comprising layered tables of rules, each rule table comprising the 

f„JL. 

hi 5 protocol element locator and at least one rule to be applied to the protocol element in the packet; 

ffi 6 and 

7 a rule evaluator having a first input coupled to the packet buffer for using the protocol 

8 element locator to determine the protocol element from the packet and for applying the at least 

9 one rule table to the protocol element. 

1 48. The system for filtering packets in claim 47 wherein each rule table comprises at least 

2 one filtering rule and at least one default rule to be applied to the protocol element indicated by 

3 the protocol element locator. 
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1 49. The system for filtering packets in claim 47 further comprising a processor interface for 

2 receiving a packet prototype, said packet prototype to be used in modifying the filtering database. 

1 50. A method for filtering packets, each packet comprising at least one protocol element, in a 

2 system comprising a filtering database, wherein the filtering database comprises at least one rule 

3 table, said at least one rule table comprising a protocol element locator and a filtering rule, the 

4 method comprising the steps of: 

5 selecting the protocol element from the input data; 

6 comparing the selected protocol element to an upper bound of the filtering rule; and 
p 7 comparing the selected protocol element to a lower bound of the filtering rule. 

ill 

f 1 51. The method of claim 50 wherein the step of selecting the protocol element further 

fz- 2 comprises the substeps of: 

^ 3 obtaining the protocol element locator from the rule table in the filtering database; and 

M 4 applying the protocol element locator to the packet to select the protocol element from the 

^ 5 packet. 

1 52. The method of claim 50 wherein the step of comparing the selected protocol element to 

2 the upper bound of the filtering rule comprises the substep of: 

3 determining whether the selected protocol element is less than or equal to the upper 

4 bound. 

1 53 . The method of claim 50 wherein the step of comparing the selected protocol element to 

2 the lower bound of the filtering rule comprises the substep of: 
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3 determining whether the selected protocol element is greater than or equal to the lower 

4 bound. 

1 54. The method of claim 50 further comprising the step of receiving a packet prototype for 

2 modifying the filtering database. 

1 55. A method for filtering packets in a system comprising a filtering database containing 

2 layered tables of rule tables, the method comprising the steps of: 

3 selecting a protocol element from the input data; 

4 accessing a rule table in said layered tables of rule tables corresponding to the selected 
3 5 protocol element; said rule table comprising at least one filtering rule; and 

4S 6 applying the at least one filtering rule to the selected protocol element. 

SSBS; 

^ 1 56. The method of claim 55 wherein the step of selecting a protocol element further 

p|. 2 comprises the substeps of: 

jfy 3 obtaining a protocol element locator from the rule table in the filtering database; and 

0 4 applying the protocol element locator to the packet to select the protocol element from the 

m 

5 packet. 

1 57. The method of claim 55 wherein the step of applying the at least one filtering rule 

2 comprises the substep of: 

3 determining whether the selected protocol element is less than or equal to an upper 

4 bound. 
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1 58. The method of claim 55 wherein the step of applying the at least one filtering rule 

2 comprises the substep of: 

3 determining whether the selected protocol element is greater than or equal to a lower 

4 bound. 

1 59. The method of claim 55 further comprising the step of receiving a packet prototype for 

2 modifying the filtering database. 

1 60. A system for filtering packets in parallel comprising; 

2 a packet data interface, for receiving a packet; and 

EKS. 

3 3 a parallel filtering database coupled to the packet data interface, the parallel filtering 

£ 4 database comprising a parallel filtering database entry. 

^1 61 . The system in claim 60 wherein the filtering database further comprises: 
~ 2 at least one Table ID Content Addressable Memory (CAM); 

ft) 3 a Filtering rule storage; and 

B4 an Associated Data. 

iijLii 

1 62. The system in claim 60 wherein the system is coupled to receive a packet prototype for 

2 modifying the parallel filtering database. 

1 63. A system for modifying a filtering database comprising: 

2 a packet prototype for determining a location to be modified in the filtering database, and 

3 a filtering engine for receiving the packet prototype and for modifying the location 

4 determined by the packet prototype. 



21526/03576/6068 



1 64. The system of claim 63 wherein the packet prototype comprises: 

2 at least one protocol element descriptor having an upper bound and a lower bound, 

3 wherein said lower bound and said upper bound are used to point to a location in the filtering 

4 database. 

1 65 . The system of claim 63 wherein the packet prototype is received from an external 

2 software source. 

1 66. A method for modifying a filtering database, the method comprising the steps of : 

2 receiving a packet prototype, said packet prototype comprising an upper bound and a 

3 lower bound; 

4 using the packet prototype to determine a specific location in the filtering database; and 

5 modifying the specific location in the filtering database. 

1 67. The method of claim 66 wherein the packet prototype further comprises an offset and a 

2 mask. 

1 68. The method of claim 66 wherein the specific location in the filtering database is a 

2 filtering rule. 

1 69. The method of claim 66 wherein the specific location in the filtering database is a rule 

2 table. 

1 70. The method of claim 66 wherein the step of modifying the specific location in the 

2 filtering database comprises adding or deleting a filtering rule. 
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1 71 . The method of claim 66 wherein the step of modifying the specific location in the 

2 filtering database comprises adding or deleting a rule table. 
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